CVE-2024-58284
PopojiCMS 2.0.1 Remote Command Execution via Authenticated Metadata Settings
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands through a GET parameter.
| CWE | CWE-94 |
| Vendor | popojicms |
| Product | popojicms |
| Published | Dec 10, 2025 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for popojicms popojicms
Be the first to know when new unknown vulnerabilities affecting popojicms popojicms are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
Affected Versions
PopojiCMS / PopojiCMS
2.0.1
References
exploit-db.com: https://www.exploit-db.com/exploits/52022 popojicms.org: https://www.popojicms.org/ github.com: https://github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.zip github.com: https://github.com/PopojiCMS/PopojiCMS vulncheck.com: https://www.vulncheck.com/advisories/popojicms-remote-command-execution-via-authenticated-metadata-settings
Credits
Ahmet Γmit BAYRAM